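# This is the ssh server system-wide configuration file.
#
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.5 2001/01/18 22:36:53 green Exp $
#
# NOTE(review): this copy had been collapsed onto two physical lines, so the
# leading "#" turned every directive into comment text and the second line
# began with a stray "default=..." token. The line breaks below are
# reconstructed: a keyword with no "#" directly in front of it is treated as
# an active directive. Diff against the running sshd's configuration before
# relying on this copy.

Port 22
#--lavr, for example we can listen on additional ports, use it with FW
#Port 2022

# NOTE(review): "2,1" keeps SSH protocol 1 available as a fallback. The
# ssh_host_key HostKey, ServerKeyBits, KeyRegenerationInterval,
# RSAAuthentication and RhostsRSAAuthentication settings in this file are
# protocol-1 settings; "Protocol 2" alone drops that legacy surface if no
# client still needs it.
Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /usr/local/etc/ssh/ssh_host_key
# HostKeys for protocol version 2
# NOTE(review): the RSA key path has no ssh/ directory component, unlike the
# other two HostKey paths -- confirm this is the real location and not a typo.
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh/ssh_host_dsa_key
# NOTE(review): kept as one commented-out line; the collapsed copy does not
# show whether HostDsaKey was on its own (active) line -- confirm.
#--lavr HostDsaKey /etc/ssh/ssh_host_dsa_key
# NOTE(review): 768-bit ephemeral server key; only used by protocol 1.
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
# NOTE(review): root may log in directly, and PasswordAuthentication is also
# "yes" further down, so root's password is exposed to guessing on Port 22.
# If root access over ssh is required, a key-only setting is the narrower
# choice where this sshd version supports it.
PermitRootLogin yes
# ConnectionsPerPeriod has been deprecated completely

# After 10 unauthenticated connections, refuse 30% of the new ones, and
# refuse any more than 60 total.
MaxStartups 10:30:60
# Don't read ~/.rhosts and ~/.shosts files
# NOTE(review): the value contradicts the comment above: "no" means these
# files ARE honoured. It has no effect while RhostsAuthentication and
# RhostsRSAAuthentication below stay "no" -- confirm which was intended.
IgnoreRhosts no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

#--lavr for rsh compatibility, set "yes"
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes
#--lavr for DSA auth, SSH2
DSAAuthentication yes

#--lavr, some specific options
#TCP forwarding, by default="yes"
#AllowTcpForwarding
#--lavr, define the authorized keys file
#AuthorizedKeysFile %h/.ssh/authorized_keys
#--lavr, send some info before authorization is done
#Banner /path/filename
#--lavr, define which authentication styles are allowed (login.conf)
#ChallengeResponseAuthentication
#--lavr, set timeout (default=0) for when the client exchanges no data with the server
# protocol 2 only
#ClientAliveInterval
#--lavr, when ClientAliveCountMax is reached, sshd disconnects the client
#ClientAliveCountMax (default 3)
#GatewayPorts (default no)
#--lavr for protocol 2 only
#MACs default=``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96''
#PidFile /path/filename
#XAuthLocation default=/usr/X11R6/bin/xauth

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#--lavr uncomment
SkeyAuthentication no
#KbdInteractiveAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no
#AllowUsers root toor
#AllowGroups
#DenyUsers
#DenyGroups
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

# Uncomment if you want to enable sftp
Subsystem sftp /usr/libexec/sftp-server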